| Acronym | Meaning |
|---|---|
dc | Domain Component |
or | Organizational unit to which the user belongs (Organizational Unit) |
cn | Common name (Common Name) |
sn | Person's name (Surname) |
uid | User ID |
mail | e-mail (Email Address) |
* `cn=leandro.pinheiro`: **Common Name** (`cn`) of the entry. It is generally used for names of people or objects.
* `ou=Users`: **Organizational Unit** (`or`) where the entry is located.
* `dc=oldap`: **Domain Component** (`dc`). It can represent a subdomain or a specific part of the domain within the LDAP structure.
* `dc=igp`: Another **Domain Component** (`dc`). Represents another part of the domain, possibly indicating a department or subdivision within the organization.
* `dc=griaule`: **Domain Component** (`dc`) of higher level. Represents the organization's main domain.
Therefore, the DN `cn=leandro.pinheiro,ou=Users,dc=oldap,dc=igp,dc=griaule` identifies a specific user named `leandro.pinheiro` within the organizational unit `Users`, which is part of the subdomain `oldap`, of the domain `igp`, within the main domain `griaule`. This DN provides a clear and unique path to locate this specific entry in the organization's LDAP directory.
{% endhint %}
Then, open the root of *Groups* and choose the desired group. Right-click on the group and choose New Attribute. In `Attribute Type`, choose `member`. Click Finish.
On the **DN Editor**, paste the **DN** full user (copied in the first step). Click OK:
### Quick addition of a group to a user
When the group already has users/members, adding a new user to the group is faster: just right-click on the component `member` and choose New Value. The **DN Editor** screen will open. Then, as shown in the previous section, paste the **DN** full user and click OK.
### Removing the user from a group
Open the group in which the user is:
Right-click on the `member` of the user you want to remove from the group and click Delete Value:
Confirm by clicking OK:
### Group creation
To create a new group, right-click on `ou=Groups` and choose New -> New Entry.
The creation screen will open, similar to user creation. Choose the option `organizationalUnit`.
Choose `or` and fill in a name; in the example below `LDAP`was chosen. Finish creating the group by clicking Finish.
## LDAP navigation
### Searching for user groups using "Quick Search"
To locate a user's groups, go to the LDAP search and select the option `cn` or `member`.
{% hint style="info" %}
By selecting `member`, you will need to search using the **DN** full user.
{% endhint %}
At the top right, check if the following icon is selected:
If not, select it. This will allow you to search the entire groups tree (options `search one level only` or `search whole subtree`).
Check the response in the `Quick Search`:
{% hint style="danger" %}
**Never delete a user using the search result** (in the Quick Search item), because the groups this person belongs to were searched. Therefore, **deleting a line from Quick Search means deleting the group** and not the user.
{% endhint %}
### User's group list in the user's description
Another way to check the groups the user belongs to is through *Fetch*.
For this, right-click on the user's name and choose Fetch -> Fetch Operational Attributes:
It is also possible to enable *Fetch Operational Attributes* by right-clicking and choosing Properties. Then, click on `Connection` and open the `Browser Options`. Then, in the `Features`, check the option `Fetch operational attributes while browsing`:
Thus, the groups the user belongs to will be displayed during navigation:
### Password change
Locate the user via Quick Search, as shown [in this step by step](#pesquisa-de-grupos-do-usuario-pelo-quick-search).
After locating the user, double-click on userPassword and open the tab `New Password`.
Enter the new password and confirm.
After applying the new password, the *Modification Logs* screen will appear confirming your change.
### Password verification
For password verification, first locate the user via Quick Search, as shown [in this step by step](#pesquisa-de-grupos-do-usuario-pelo-quick-search).
After locating the user, double-click on userPassword and open the tab `Current Password`.
In the field, `Verify Password`, enter the user's current password and click Verify.
If the password is correct, the message "*Password verified successfully*" will be displayed.
## User organization
### Users by subgroups
Efficient organization of users in an LDAP directory can be achieved through subtrees. This structure facilitates directory administration, allowing clear segmentation of users based on specific criteria such as company, department or contracts.
#### Concept of User Subtree
To optimize user management, it is recommended to implement a hierarchical subtree with one or two levels at most of depth. This practice ensures a logical separation of users, bringing clarity and efficiency to directory administration.
#### Advantages of the User Subtree
1. **Simplification of Administration**: Reduces the complexity of LDAP administration.
2. **Structured Organization**: Makes it easier to locate and manage LDAP objects.
3. **Performance Improvement**: Minimizes response time in LDAP queries and operations.
This structure exemplifies:
* **ROOT**: Root level of the LDAP directory.
* **Organization**: Main organizational unit.
* **UF**: Federative Unit, exemplifying with `SP` (São Paulo).
* **CONTRACT**: Subdivision of contracts, such as `Scientific Police`.
* **USER**: Users within the specific contract.
* **Permission**: Permissions associated with the users.
Another example, this directly in LDAP, consists of a tree of subgroups. Where there is a group `policiaCivil` and inside it a subgroup `SC`.
